* [PATCH][GIT PULL][3.8] x86: Don't clobber top of pt_regs in nested NMI
@ 2012-11-02 19:19 Steven Rostedt
2012-11-05 8:58 ` Jan Beulich
0 siblings, 1 reply; 4+ messages in thread
From: Steven Rostedt @ 2012-11-02 19:19 UTC (permalink / raw)
To: LKML
Cc: Ingo Molnar, H. Peter Anvin, Thomas Gleixner, Andrew Morton,
Salman Qazi, Jan Beulich
Ingo,
Please pull the latest tip/x86/asm tree, which can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
tip/x86/asm
Head SHA1: 28696f434fef0efa97534b59986ad33b9c4df7f8
Salman Qazi (1):
x86: Don't clobber top of pt_regs in nested NMI
----
arch/x86/kernel/entry_64.S | 41 +++++++++++++++++++++++++++--------------
1 file changed, 27 insertions(+), 14 deletions(-)
---------------------------
commit 28696f434fef0efa97534b59986ad33b9c4df7f8
Author: Salman Qazi <sqazi@google.com>
Date: Mon Oct 1 17:29:25 2012 -0700
x86: Don't clobber top of pt_regs in nested NMI
The nested NMI modifies the place (instruction, flags and stack)
that the first NMI will iret to. However, the copy of registers
modified is exactly the one that is the part of pt_regs in
the first NMI. This can change the behaviour of the first NMI.
In particular, Google's arch_trigger_all_cpu_backtrace handler
also prints regions of memory surrounding addresses appearing in
registers. This results in handled exceptions, after which nested NMIs
start coming in. These nested NMIs change the value of registers
in pt_regs. This can cause the original NMI handler to produce
incorrect output.
We solve this problem by interchanging the position of the preserved
copy of the iret registers ("saved") and the copy subject to being
trampled by nested NMI ("copied").
Link: http://lkml.kernel.org/r/20121002002919.27236.14388.stgit@dungbeetle.mtv.corp.google.com
Signed-off-by: Salman Qazi <sqazi@google.com>
[ Added a needed CFI_ADJUST_CFA_OFFSET ]
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index b51b2c7..811795d 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1699,9 +1699,10 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
- leaq -6*8(%rsp), %rdx
+ leaq -1*8(%rsp), %rdx
movq %rdx, %rsp
- CFI_ADJUST_CFA_OFFSET 6*8
+ CFI_ADJUST_CFA_OFFSET 1*8
+ leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
pushq_cfi %rdx
pushfq_cfi
@@ -1709,8 +1710,8 @@ nested_nmi:
pushq_cfi $repeat_nmi
/* Put stack back */
- addq $(11*8), %rsp
- CFI_ADJUST_CFA_OFFSET -11*8
+ addq $(6*8), %rsp
+ CFI_ADJUST_CFA_OFFSET -6*8
nested_nmi_out:
popq_cfi %rdx
@@ -1736,18 +1737,18 @@ first_nmi:
* +-------------------------+
* | NMI executing variable |
* +-------------------------+
- * | Saved SS |
- * | Saved Return RSP |
- * | Saved RFLAGS |
- * | Saved CS |
- * | Saved RIP |
- * +-------------------------+
* | copied SS |
* | copied Return RSP |
* | copied RFLAGS |
* | copied CS |
* | copied RIP |
* +-------------------------+
+ * | Saved SS |
+ * | Saved Return RSP |
+ * | Saved RFLAGS |
+ * | Saved CS |
+ * | Saved RIP |
+ * +-------------------------+
* | pt_regs |
* +-------------------------+
*
@@ -1763,9 +1764,14 @@ first_nmi:
/* Set the NMI executing variable on the stack. */
pushq_cfi $1
+ /*
+ * Leave room for the "copied" frame
+ */
+ subq $(5*8), %rsp
+
/* Copy the stack frame to the Saved frame */
.rept 5
- pushq_cfi 6*8(%rsp)
+ pushq_cfi 11*8(%rsp)
.endr
CFI_DEF_CFA_OFFSET SS+8-RIP
@@ -1786,12 +1792,15 @@ repeat_nmi:
* is benign for the non-repeat case, where 1 was pushed just above
* to this very stack slot).
*/
- movq $1, 5*8(%rsp)
+ movq $1, 10*8(%rsp)
/* Make another copy, this one may be modified by nested NMIs */
+ addq $(10*8), %rsp
+ CFI_ADJUST_CFA_OFFSET -10*8
.rept 5
- pushq_cfi 4*8(%rsp)
+ pushq_cfi -6*8(%rsp)
.endr
+ subq $(5*8), %rsp
CFI_DEF_CFA_OFFSET SS+8-RIP
end_repeat_nmi:
@@ -1842,8 +1851,12 @@ nmi_swapgs:
SWAPGS_UNSAFE_STACK
nmi_restore:
RESTORE_ALL 8
+
+ /* Pop the extra iret frame */
+ addq $(5*8), %rsp
+
/* Clear the NMI executing stack variable */
- movq $0, 10*8(%rsp)
+ movq $0, 5*8(%rsp)
jmp irq_return
CFI_ENDPROC
END(nmi)
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH][GIT PULL][3.8] x86: Don't clobber top of pt_regs in nested NMI
2012-11-02 19:19 [PATCH][GIT PULL][3.8] x86: Don't clobber top of pt_regs in nested NMI Steven Rostedt
@ 2012-11-05 8:58 ` Jan Beulich
2013-01-23 20:00 ` Steven Rostedt
0 siblings, 1 reply; 4+ messages in thread
From: Jan Beulich @ 2012-11-05 8:58 UTC (permalink / raw)
To: Steven Rostedt
Cc: Salman Qazi, Ingo Molnar, Thomas Gleixner, Andrew Morton,
H. Peter Anvin, LKML
>>> On 02.11.12 at 20:19, Steven Rostedt <rostedt@goodmis.org> wrote:
> @@ -1842,8 +1851,12 @@ nmi_swapgs:
> SWAPGS_UNSAFE_STACK
> nmi_restore:
> RESTORE_ALL 8
> +
> + /* Pop the extra iret frame */
> + addq $(5*8), %rsp
This could (for code efficiency) and should (for CFI annotation
correctness) be folded into the RESTORE_ALL above (by
converting "8" to "6*8").
Jan
> +
> /* Clear the NMI executing stack variable */
> - movq $0, 10*8(%rsp)
> + movq $0, 5*8(%rsp)
> jmp irq_return
> CFI_ENDPROC
> END(nmi)
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH][GIT PULL][3.8] x86: Don't clobber top of pt_regs in nested NMI
2012-11-05 8:58 ` Jan Beulich
@ 2013-01-23 20:00 ` Steven Rostedt
2013-01-24 8:51 ` Jan Beulich
0 siblings, 1 reply; 4+ messages in thread
From: Steven Rostedt @ 2013-01-23 20:00 UTC (permalink / raw)
To: Jan Beulich
Cc: Salman Qazi, Ingo Molnar, Thomas Gleixner, Andrew Morton,
H. Peter Anvin, LKML
On Mon, 2012-11-05 at 08:58 +0000, Jan Beulich wrote:
> >>> On 02.11.12 at 20:19, Steven Rostedt <rostedt@goodmis.org> wrote:
> > @@ -1842,8 +1851,12 @@ nmi_swapgs:
> > SWAPGS_UNSAFE_STACK
> > nmi_restore:
> > RESTORE_ALL 8
> > +
> > + /* Pop the extra iret frame */
> > + addq $(5*8), %rsp
>
> This could (for code efficiency) and should (for CFI annotation
> correctness) be folded into the RESTORE_ALL above (by
> converting "8" to "6*8").
Hi Jan,
This change never made it in. Would you like to send a patch, or would
you want me to do it?
-- Steve
>
> Jan
>
> > +
> > /* Clear the NMI executing stack variable */
> > - movq $0, 10*8(%rsp)
> > + movq $0, 5*8(%rsp)
> > jmp irq_return
> > CFI_ENDPROC
> > END(nmi)
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH][GIT PULL][3.8] x86: Don't clobber top of pt_regs in nested NMI
2013-01-23 20:00 ` Steven Rostedt
@ 2013-01-24 8:51 ` Jan Beulich
0 siblings, 0 replies; 4+ messages in thread
From: Jan Beulich @ 2013-01-24 8:51 UTC (permalink / raw)
To: Steven Rostedt
Cc: Salman Qazi, Ingo Molnar, ThomasGleixner, Andrew Morton,
H. Peter Anvin, LKML
>>> On 23.01.13 at 21:00, Steven Rostedt <rostedt@goodmis.org> wrote:
> On Mon, 2012-11-05 at 08:58 +0000, Jan Beulich wrote:
>> >>> On 02.11.12 at 20:19, Steven Rostedt <rostedt@goodmis.org> wrote:
>> > @@ -1842,8 +1851,12 @@ nmi_swapgs:
>> > SWAPGS_UNSAFE_STACK
>> > nmi_restore:
>> > RESTORE_ALL 8
>> > +
>> > + /* Pop the extra iret frame */
>> > + addq $(5*8), %rsp
>>
>> This could (for code efficiency) and should (for CFI annotation
>> correctness) be folded into the RESTORE_ALL above (by
>> converting "8" to "6*8").
>
> This change never made it in. Would you like to send a patch, or would
> you want me to do it?
Let me do so - I have a patch pending for the CFI part of this
already, and simply forgot that folding the two operations would
be the simpler solution to the issue.
Jan
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-01-24 8:51 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-11-02 19:19 [PATCH][GIT PULL][3.8] x86: Don't clobber top of pt_regs in nested NMI Steven Rostedt
2012-11-05 8:58 ` Jan Beulich
2013-01-23 20:00 ` Steven Rostedt
2013-01-24 8:51 ` Jan Beulich
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.